2008/10/21
Voting: Hackable or Error prone? You decide!
Well, someone has probably decided for you. So, you Analyze!
Hat Tip: MSNBC First Read: The SciFi channel has a page up that displays the voting mechanism by state. It's quite jazzy, but I have one problem with the methodology: they seem to think that if it's electronic, it's hackable but not error prone. While they do have a page discussing the pros and cons of the voting machines, they don't rank them that way on the map. Lumping all the electronic voting machines into one category doesn't encourage states to choose the least error-prone and most secure voting machines. Still, it's an interesting effort and has a great deal of data.
2008/10/22
Open source momentum and spending during the recession
Hat Tip: Slashdot, From ComputerWorld:
"Red Hat president and CEO Jim Whitehurst expects the enterprise open source software business to emerge from the economic crisis stronger than the proprietary market."
I could not agree more. But I don't think it is about open source vs proprietary. It is about cost savings and squeezing vendors more to save internal staff. We're seeing more and more large companies listen to the open source evangelists inside their companies about saving money by switching from expensive hardware tokens to a less-expensive open source two-factor authentication solution. In the end, though, people will think "Oh, we saved money going with an open source solution - let's look for other areas where we can do that again."
Congrats to OBS!
One of our OEM partners is really on a roll. Online Banking Solutions announced deals this week with Bank of Hawaii and First Tennessee. Keep it up!
2008/10/27
Over 25,000 downloads!
I'm not sure if this confirms my argument that companies will switch to open source two-factor authentication during this downturn or not, but we have officially passed the 25,000 downloads mark from SourceForge. That doesn't include downloads from our own website.
2008/10/29
Kaspersky Labs update on bank attacks
Hat tip: Securology. Kaspersky Labs has an updated analysis of banking attacks. You should read the whole thing, but I'll point out this section of the conclusion:
While I assume they are talking about a hardware token, this is essentially what WiKID can do using two separate domains. Each domain has its own public/private key pair, so the domains are cryptographically distinct and the session authentication is completely separate from the transaction authentication. And there's no reason why we can't use the public keys to encrypt data that an attacker can't guess, a la Kaspersky's suggestion of the account number into which the funds are to be transferred.
2008/10/30
50 Must-Have Open Source Tools for Security
The WiKID Strong Authentication System - Community Edition is #38 in the 50 Must-Have Open Source Tools for Security.

I may be reading the description wrong though.
First, there is no MITM attack that WiKID is vulnerable to which a hardware token is not also vulnerable. Second, the PC token includes https mutual authentication which prevents network-based MITM attacks for https and SSL-based (browser-based) VPNs. So, in fact, WiKID provides more MITM protection than a hardware token.
The PC token also has anti-keystroke logger functionality. Further, the latest Enterprise version allows you to have "Wireless Only" domains, so users must use one of the J2ME, BlackBerry or other smart-phone tokens.
HTH,
Nick